Collaborate Disseminate
We’re experiencing an issue, where SSL server-certificates issued by our own internal PKI will show as invalid in the browser, when accessing the site.
The error is NET::ERR_CERT_INVALID (Tested in Edge and Chrome). IE shows Mismatched Add… Continue reading SSL Certificates signed by our CA show as invalid in browser
I have to store a document (e.g. a JSON file) on a remote PC (that my App is running on) alongside a signature to be able to verify that this file was signed by me. I have no access to this PC nor does this PC have access to the internet. … Continue reading How to prevent public key tampering
I need to create a certificate with:
subject.attribute1: 2.5.4.3 {Common Name} UTF8String
subject.attribute2: 2.5.4.92 {tagAFI} OCTET STRING
subject.attribute3: 0.9.2342.1920.0300.100.1.1 {userId} UTF8String
Anyone any idea on how to do t… Continue reading How do I create a certificate with subject containing Octet string?
When importing a device certificate/private key through CERTLM, the GUI seems to choose a deprecated Cryptography Service Provider (CSP) called "Microsoft Strong Cryptographic Provider"; I’m wondering if there is a way to change … Continue reading Local Machine certificate (certlm.msc) – choosing "Microsoft Software Key Storage Provider" on import [migrated]
Is there any tool out there that will monitor my system’s use of root CAs? So far I have not found anything, and so I am hoping that this community will know if such a tool exists.
For background, I use Windows, which comes with its own c… Continue reading Is there a tool for auditing my root certificates?
I have a key pair which I used to generate a CSR.
Once I enrolled that CSR PKCS10, I get from the PKI (or CA) a certificate signed with the PKI private key.
From here, I would like to know if my private key is useful in any way in regards … Continue reading What happens to the key pair once the CSR has been enrolled?
I’ve been looking around for smart cards with support for Ed25519. More specifically, I’d like to have a TLS CA with the private key on a YubiKey. The latest YubiKey 5 supports secp256k1, secp384r1, and RSA 2048 in the PIV tool for storing… Continue reading Can I Use an OpenPGP Smart Card to Sign a TLS Certificate?
In eIDAS Remote Qualified Signatures, but also in other Remote-Signature Solutions, the cryptographic keys are held by the Remote Signature Provider. The user uses some method, e.g., a smartphone app, to allow the creation of a signature.
… Continue reading Remote eIDAS Qualified Signatures: Control of Signature Activation Data
I’m trying to understand the goal of a digital signature in PKI/TLS. I understand that digital signature provide us Data integrity, Authentication and Non-repudiation.
But, why is it necessary to use digital signatures in secure communicat… Continue reading Is a digital signature really needed?
I have some basic questions regarding eIDAS and ‘Advanced Electronic Signatures’.
Say, if I create a product under my company Acme Inc that offers a simple electronic signature where I sign every completed document digitally with a digital… Continue reading Does a signature service provider level digital certificate for electronic signature comply with eIDAS requirement for Advanced Electronic Signatures?